There is a growing problem of spyware, adware and other types of parasitic programs that surreptitiously or otherwise install themselves on computers and record everything on the host computer from files stored, websites visited to keystrokes logged. Spyware, generically, may be running on the user's own computer, a networked system, or a shared computer with the consequence that, at any point, any entered information could be compromised. Conventionally, a connection with a remote, otherwise secure website is considered secure if the communications channel is encrypted. Spyware, however, can operate to intercept or otherwise compromise the local keyboard login actions prior to encryption. Unencrypted connections are equally vulnerable.
Keyboard entered data can be captured and compromise the security of the local client, the local user, and the remote website. Keystroke logging is particularly troublesome as it increases the risk of disclosure of confidential or secure information such as login names and passwords. Spyware may discreetly transmit stolen login and password information via the Internet to malicious persons and users, who may use the information to gain access to personal information or access to server accounts. A malicious user using a keystroke logger may obtain log in information to gain access to email accounts, break into online banking and brokerage accounts, and perpetrate identity theft.
Anti-spyware programs attempt to minimize this problem by detecting and uninstalling parasitic spyware. Inherently, anti-spyware programs cannot successfully detect and remove every kind of spyware running on a computer. Anti-spyware programs can only identify and remove programs that match spyware that has already been identified. In addition, anti-spyware software requires diligent use and regular updates. There is also the added problem that when accessing online services from public computers, there is no reliable guarantee that the computer is free of spyware or that current anti-spyware programs are installed and used on the public computer.
A related problem exists for users who require a secure way to easily transmit confidential information, such as a credit card number or pin number, to each other. Transmitting confidential information via email normally requires that the individuals use public key encryption, which can be quite complex to establish, or simply leave the codes in plain text, subject to the risk that the email will be intercepted or otherwise compromised. Plain text transmission of confidential information risks interception or being otherwise compromised by a third party. Plain text transmission of confidential information also risks later compromise of a stored copy of the plain text email. Remote or Web-based email systems, such as Yahoo and Hotmail, archive email messages for extended periods, if not indefinitely. Other email systems, such as GMail, scan the contents of email, potentially compromising the plain text contents of the email. Consequently, if either the sender or recipient is using these types of services, there is a heightened risk of compromise of sensitive information transmitted in these emails.